Question 1
Which two roles can be modified? (Choose two.) A. Administrator
B. Network Administrator
C. Datastore Consumer
D. Read-Only
Answer B, C
It is a common knowledge that you cannot modify Administrator role and grant whatever privileges you like. Same is the case with read-only. This role is created solely for ready only purposes. So you are left with two viable options - Network administrator and Datastore consumer both of which can be modified to add or delete privileges according to your specifications.
Question 2
An administrator with global administrator privileges creates a custom role but fails to assign any privileges to it.
Which two privileges would the custom role have? (Choose two.)
A. System.View
B. System.Anonymous C. System.User
D. System.ReadOnly

VMware 2V0-621D
Answer A, B
When you add a custom role and do not assign any privileges to it, the role is created as a Read Only role with three system-defined privileges: System.Anonymous, System.View, and System.Read.
Reference: 2FGUID-93B962A7-93FA-4E96-B68F-AE66D3D6C663.html
Question 3
An object has inherited permissions from two parent objects. What is true about the permissions on the object?
A. The common permissions between the two are applied and the rest are discarded. B. The permissions are combined from both parent objects.
C. No permissions are applied from the parent objects.
D. The permission is randomly selected from either of the two parent objects.
Answer B
Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore inherits permissions from either its parent datastore folder or parent datacenter. Virtual machines inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool simultaneously. To restrict a user's privileges on a virtual machine, you must set permissions on both the parent folder and the parent host, cluster, or resource pool for that virtual machine.
Reference: com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/ managing_users_groups_roles_and_permissions/c_hierarchical_inheritance_of_permissions.html
Question 4
Which three Authorization types are valid in vSphere? (Choose three.) A. Group Membership in vsphere.local
B. Global
C. Forest
D. vCenter Server
E. Group Membership in system-domain

VMware 2V0-621D
Answer A, B, D
Sphere 6.0 and later allows privileged users to give other users permissions to perform tasks in the following ways. These approaches are, for the most part, mutually exclusive; however, you can assign use global permissions to authorize certain users for all solution, and local vCenter Server permissions to authorize other users for individual vCenter Server systems.
- Reference: 2FGUID-74F53189-EF41-4AC1-A78E-D25621855800.html
See Global Permissions.
See Groups in the vsphere.local Domain.
Question 5
Which three components should an administrator select when configuring vSphere permissions? (Choose three.)
A. Inventory Object B. Role
C. User/Group
D. Privilege
E. Password
Answer A, B, C
In vSphere, permission consists of a user or group and an assigned role for an inventory object, such as a virtual machine or ESX/ESXi host. Permissions grant users the right to perform the activities specified by the role on the object to which the role is assigned.
Reference: com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/ managing_users_groups_roles_and_permissions/c_permissions.html
Question 6
In which two vsphere.local groups should an administrator avoid adding members? (Choose two.) A. SolutionUsers
B. Administrators
C. DCAdmins
D. ExternalPDUsers

VMware 2V0-621D
Answer A, B
The vsphere.local domain includes several predefined groups. Assign users to one of those groups to be able to perform the corresponding actions.
For all objects in the vCenter Server hierarchy, permissions are assigned by pairing a user and a role with the object. For example, you can select a resource pool and give a group of users read privileges to that resource pool by giving them the corresponding role.
For some services that are not managed by vCenter Server directly, privileges are determined by membership to one of the vCenter Single Sign-On groups. For example, a user who is a member of the Administrator group can manage vCenter Single Sign-On. A user who is a member of the CAAdmins group can manage the VMware Certificate Authority, and a user who is in the LicenseService.Administrators group can manage licenses.
Reference: 2FGUID-87DA2F34-DCC9-4DAB-8900-1BA35837D07E.html
Question 7
An administrator has configured three vCenter Servers and vRealize Orchestrator within a Platform Services Controller domain, and needs to grant a user privileges that span all environments. Which statement best describes how the administrator would accomplish this?
A. Assign a Global Permission to the user.
B. Assign a vCenter Permission to the user.
C. Assign vsphere.local membership to the user. D. Assign an ESXi Permission to the user.
Answer A
Global permissions are applied to a global root object that spans solutions, for example, both vCenter Server and vCenter Orchestrator. Use global permissions to give a user or group privileges for all objects in all object hierarchies.
Reference: 2FGUID-C7702E31-1623-4189-89CB-E1136AA27972.html
Question 8
What is the highest object level from which a virtual machine can inherit privileges? A. Host Folder

VMware 2V0-621D
B. Data Center
C. Data Center Folder D. VM Folder
Answer C Explanation:
- Reference:
Question 9
Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into the Direct Console User Interface (DCUI).
Which two statements are true given this configuration? (Choose two.)
A. A user granted administrative privileges in the Exception User list can login. B. A user defined in the DCUI.Access without administrative privileges can login. C. A user defined in the ESXi Admins domain group can login.
D. A user set to the vCenter Administrator role can login.
Answer A, B
Reference: 2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html
Question 10
Strict Lockdown Mode has been enabled on an ESXi host.
Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
A. Grant the users the administrator role and enable the service.
B. Add the users to Exception Users and enable the service.
C. No action can be taken, Strict Lockdown Mode prevents direct access. D. Add the users to vsphere.local and enable the service.
Answer B Explanation:

VMware 2V0-621D
Reference: 2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html
Would you like to see more? Don't miss our 2V0-621D PDF file at: